123Scurity:6 \Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer
@@ -96,10 +96,75 @@ class InviteController extends Controller
|
|||||||
/** POST /v2/invites/passenger */
|
/** POST /v2/invites/passenger */
|
||||||
public function invitePassenger(Request $request): JsonResponse
|
public function invitePassenger(Request $request): JsonResponse
|
||||||
{
|
{
|
||||||
return response()->json([
|
if (!$request->has(['passengerID', 'inviterPassengerPhone'])) {
|
||||||
'status' => 'success',
|
return response()->json([
|
||||||
'message' => 'Not implemented yet'
|
'status' => 'failure',
|
||||||
]);
|
'message' => 'Missing required parameters'
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
$passengerId = $request->input('passengerID');
|
||||||
|
$phone = $request->input('inviterPassengerPhone');
|
||||||
|
$phoneEnc = $this->enc->encrypt($phone);
|
||||||
|
|
||||||
|
$existing = DB::connection('primary')->table('invitesToPassengers')
|
||||||
|
->where('inviterPassengerPhone', $phoneEnc)
|
||||||
|
->first();
|
||||||
|
|
||||||
|
if ($existing) {
|
||||||
|
if ($existing->isInstall == 1) {
|
||||||
|
return response()->json([
|
||||||
|
'status' => 'failure',
|
||||||
|
'message' => $existing->inviteCode
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
$expirationTime = now()->addHour();
|
||||||
|
DB::connection('primary')->table('invitesToPassengers')
|
||||||
|
->where('id', $existing->id)
|
||||||
|
->update([
|
||||||
|
'passengerID' => $passengerId,
|
||||||
|
'expirationTime' => $expirationTime,
|
||||||
|
'createdAt' => now()
|
||||||
|
]);
|
||||||
|
|
||||||
|
return response()->json([
|
||||||
|
'status' => 'success',
|
||||||
|
'message' => [
|
||||||
|
'inviteId' => $existing->id,
|
||||||
|
'inviteCode' => $existing->inviteCode,
|
||||||
|
'expirationTime' => $expirationTime->toDateTimeString()
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
$inviteCode = $this->generateUniqueCodePassenger();
|
||||||
|
$expirationTime = now()->addHour();
|
||||||
|
|
||||||
|
try {
|
||||||
|
$id = DB::connection('primary')->table('invitesToPassengers')->insertGetId([
|
||||||
|
'passengerID' => $passengerId,
|
||||||
|
'inviterPassengerPhone' => $phoneEnc,
|
||||||
|
'inviteCode' => $inviteCode,
|
||||||
|
'expirationTime' => $expirationTime,
|
||||||
|
'createdAt' => now(),
|
||||||
|
'isInstall' => 0
|
||||||
|
]);
|
||||||
|
|
||||||
|
return response()->json([
|
||||||
|
'status' => 'success',
|
||||||
|
'message' => [
|
||||||
|
'inviteId' => $id,
|
||||||
|
'inviteCode' => $inviteCode,
|
||||||
|
'expirationTime' => $expirationTime->toDateTimeString()
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
return response()->json([
|
||||||
|
'status' => 'failure',
|
||||||
|
'message' => 'Database error: ' . $e->getMessage()
|
||||||
|
]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** GET /v2/invites/gift */
|
/** GET /v2/invites/gift */
|
||||||
@@ -128,4 +193,21 @@ class InviteController extends Controller
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function generateUniqueCodePassenger(): string
|
||||||
|
{
|
||||||
|
while (true) {
|
||||||
|
$letters = strtoupper(Str::random(4));
|
||||||
|
$numbers = rand(100, 999);
|
||||||
|
$code = $letters . $numbers;
|
||||||
|
|
||||||
|
$exists = DB::connection('primary')->table('invitesToPassengers')
|
||||||
|
->where('inviteCode', $code)
|
||||||
|
->exists();
|
||||||
|
|
||||||
|
if (!$exists) {
|
||||||
|
return $code;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
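Review bot: The catch block at the end of invitePassenger returns `'Database error: ' . $e->getMessage()` to the caller, which can expose query text and table or column names from the `primary` connection; record the exception server-side with `report($e);` and return a fixed string such as `'message' => 'Could not create invite'`. In generateUniqueCodePassenger the numeric part comes from `rand(100, 999)`, which is not a cryptographically secure source, and `$numbers = random_int(100, 999);` is a drop-in replacement. The exists() check followed by the insert is not atomic, so a unique index on `inviteCode` would be the real guarantee of uniqueness; whether one exists is not visible here. The `isInstall == 1` branch also returns the stored `inviteCode` in a failure response for whatever phone number was submitted, and `passengerID` is read from the request body and written onto an existing row. If the route middleware outside this section does not bind the caller to that passenger, both should be tied to the authenticated user rather than to request input.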